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REMARKS 

Applicants appreciate the thorough examination of the present application that is 
reflected in the Final Official Action. Applicants have studied the Examiner's newly introduced 
basis of rejecting the independent claims based on Matchett, and respectfully submit that the 
pending claims are patentable over England, Bjorn, and Matchett for the reasons that now will be 
described. 



Objections to the Specification 

The specification has been objected to on page 2, section 3, of the Final Office Action 
the basis that disclosed web addresses are executable. In accordance with the Examiner's 
suggestion for overcoming this objection, the specification has been amended to place the 
references to web addresses within quotation marks. Accordingly, Applicants respectfully 
submit that the objections relating thereto have been overcome. 



Applicants File Herewith » Terminal re claimer to Overcome the Provisional Obviousness- 
Tvne Doub le Patenting Rejection nf Claims 1. 33. 56 and 69: 

Claims 1, 33, 56 and 69 have been provisionally rejected under the nonstatutory 
judicially created doctrine of obviousness-type double patenting over copending U.S. 
Application Serial No. 09/764,827. Applicants submit herewith a Terminal Disclaimer 
disclaiming additional term over the copending U.S. Application Serial No. 09/764,827. 
Applicants' agreement to provide a Terminal Disclaimer is to expedite issuance of the present 
case and does not admit that the present invention is obvious in light of the copending U.S. 
Application Serial No. 09/764,827. Withdrawal of the obviousness-type double patenting 
rejection is respectfully requested. 

Amended Independent Claims 1. 33 and 56 are Patentable over the Cited references 

Claims 1, 3-4, 6-7, 10, 13-14, 16-17, 19, 33, 35-36, 38, 39, 42, 45-46, 48-49, 51, 56-59, 
61-62, 65, 68-69, 71-72 and 74 stand rejected under 35 U.S.C. §103(a) as being unpatentable 
over United States Patent No. 6,125,192 to Bjorn et a/(hereinafter "Bjom") in view of United 
States Patent No. 5,229,764 to Matchett et al Applicants respectfully disagree as many of the 
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recitations of these claims are neither disclosed nor suggested by the cited references. For 
example, Amended Independent Claim 1 recites: 

A system for securely providing biometric input from a user, comprising: 

a security component which provides security functions, such that the security 
component can vouch for authenticity of one or more other components with which k the 
security component is Securely operably connected; 

a biometric sensor component that is securely operably connected, as one of the 
one or more other components, to the security component; 

a card containing stored secrets and stored identifying information pertaining to 
an authorized holder of the card; 

a card reader for repeatedly accessing the stored secrets and stored identifying 
information, wherein the stored identifying information comprises stored biometric 
information of the authorized holder and wherein the card reader is configured to 
repeatedly access the stored secrets and stored identifying information upon beginning a 
security-sensitive operation and is configured to terminate repeatedly accessing upon 
completion of the security-sensitive operation; 

means for operably inserting the card into the card reader; 

means for establishing a secure, operable connection between the biometric 
sensor, the card reader, and the security component; 

means for comparing the repeatedly obtained biometric information to the stored 
biometric information of the authorized holder of the card; and 

means for concluding, within the security component, that the security- 
sensitive op eration is authentic based on all the one or more other components 
which are sec urely operably connected to the security component remaining 
securely oper ably connected to the security component until completion of the 
security-sensitive operation . 

Independent Claims 33 and 56 contain corresponding computer program product and method 
recitations, respectively. Applicants respectfully submit that at least the highlighted portion of 
Claim 1 is neither disclosed nor suggested by the cited reference for at least the reasons 
discussed herein 

Independent Claims I, 33 and 56 stand formally rejected as unpatentable over Bjorn in 
view of Matchett. Applicants explained in detail in their Amendment filed November 2, 2004 
why the pending claims are respectfully submitted to be patentable over Bjorn. The Final Office 
Action appears to concede thai Bjorn does not teach all of the recitations of these claims by its 
citation for the first time to Matchett. In particular, on Pages 2-2, Section 2.1, of the Final Office 
Action, the Examiner states the following: 

Applicant has amended the independent claims by combining some of the dependent 
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claims to recite for example the step of "concluding that the security-sensitive operation 
is authentic also requires that all other components which are securely operably 
connected to the security core and which are involved in the security-sensitive operation 
remain connected until completion of the security-sensitive operation." This added 
limitation can be found in one of the cited art (England, column 1 1, line 54 through 
column 12, line 8). 

Initially, Applicants note that the Examiner has not made a formal rejection of the 
independent claims in view of England. However, even if the pending claims are rejected in 
-view of England, the cited portion of England recites the following: 

The operating system checks the signature of a component before loading it (block 303). 
If the signature is valid (block 305), the component has not been compromised by 
someone attempting to circumvent the boot process and the process proceeds to check the 
level of trust assigned to the component (block 307). If the signature is not valid (or if 
there is no signature) but the component must be loaded (block 319), the operating 
system will not assume the identity of a DRMOS upon completion of the boot process as 
explained further below. 

A plug-and-play operating system provides an environment in which devices and then- 
supporting software components can be added to the computer during normal operation 
rather than requiring all components be loaded during the boot process. If the device 
requires the loading of an untrusted component after the boot process completes, a plug- 
and~play DRMOS must then "renounce" its trusted identity and terminate any executing 
trusted applications (block 323) before loading the component The determination that an 
untrusted component must be loaded can be based on a system configuration parameter 
or on instructions from the user of the computer. 
((England, column 1 1, line 54 through column 12, line 8, emphasis added). 

The cited portion of England is a description of FIG. 3 of that reference which is shown 

below: 

FIG. 3 of ENGLAND 
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With regard to FIG. 3, England describes that a component can be verified and loaded 
during or after a boot process. With regard to Block 303, England describes that an "operating 
system [that] checks the signature of a component before loading it " to determine whether it is 
trusted or untrusted. (England, column 1 1 , lines 54-55). England also describes that "all 
components are signed by a trusted source and provided with a rights manager certificate", the 
rights manager certificate is the signature that is checked by the operating system. (England, 
column 1 1 , lines 50-5 1). When the signature is determined to be valid (at Blocks 305-307), the 
component is loaded at Block 3 1 1 into the operating system irrespective of whether the 
component is being loaded during the boot process or after the boot process. It is only when the 
signature from a component is determined at Block 305 to be invalid does the operating system 
perform a further check at Block 321 as to whether the component is being tested after the boot 
process and, if so, then at Block 323 the operating system renounces its trust of the component 
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and loads the component at Block 311. 

Applicants submit that nowhere does England disclose that the operating system 
determine whether a component is trusted or untrusted based on whether the component has 
remained connected to the computer. Instead, (he operating system of England tests only the 
signature (rights manager certificate) received fiom the component to determine whether it is to 
be trusted. Consequently, once the signature (rights manager certificate) from a component is 
loaded into the operating system, the component can subsequently be removed from the 
computer and later reconnected to the computer without any effect on the determination of 
trustworthiness of that component by the operating system (Blocks 303-309). 

Accordingly, Applicants submit that the cited portion of England does not disclose or 
suggest at least the highlighted recitations of the independent claims for at least these reasons. 

Furthermore, Matchett does not provide the missing teachings. The Final Office Action 
appears to concede that Bjom does not disclose or suggest all of the recitations of the 
independent claims. (Final Office Action, page 6) However, the Final Office Action points to 
Matchett in an attempt to provide the missing teaching. 

Furthermore, there is no motivation or suggestion to combine the cited references as 
suggested in the Final Office Action. As affirmed by the Court of Appeals for the Federal 
Circuit in In re Sang-su Lee, a factual question of motivation is material to patentability, and 
cannot be resolved on suhi^tive belief an d unknown authority See In re Sang-su Lee, 277 
F.3d 1 338 (Fed. Cir. 2002). It is improper, in determining whether a person of ordinary skill 
would have been led to this combination of references, simply to "[use] that which the inventor 
taught against its teacher." W.L. Gore v. Garlock, Inc., 721 F.2d 1540, 1553, 220U.S.P.Q. 303, 
312-13 (Fed. Cir. 1983). 

The Final Office Action states: 

Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of Bjom et al. to provide teachings means for 
repeatedly obtaining from the biometric sensor component biometric input of a user of 
the computing device and means for comparing the repeatedly obtained biometric input 
to the securely-stored biometric information of the owner , wherein each comparison 
comprises an authentication of the user as taught by Matchett et al. This modification 
would have been obvious because one skilled in the art would have been motivated by 
the suggestions provided by Matchett et al. so as to enhance security and prevent user 
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substitution to an unauthorized user, for example (see column 2, lines 55-66). 

(See Final Office Action, page 7). This motivation is a motivation based on "subjective belief 
and unknown authority", the type of motivation that was rejected by the Federal Circuit in In re 
Sangsu Lee. In other words, the Final Office Action does not point to any specific portion of the 
cited references that would induce one of skill in the art to combine the cited references as 
suggested in the Final Office Action. If the motivation provided in the Final Office Action is 
adequate to sustain the Office's burden of motivation, then anything that would "enhance security 
and prevent user substitution to an unauthorized user" would render a combination obvious. This 
cannot be the case. Accordingly, the statement in the Final Office Action with respect to 
motivation does not adequately address the issue of motivation to combine as discussed in In re 
Song-su Lee. Thus, it appears that the Final Office Action gains its alleged impetus or 
suggestion to combine the cited references by hindsight reasoning informed by Applicants- 
disclosure, which, as noted above, is an inappropriate basis for combining references. 

However, for the sake of argument, even if Bjorn is combined with Matchett, they still 
would not disclose or suggest all of the recitations of the independent claims. Matchett states: 



Security protection could be enhanced by instructing the protected system to shut down 
should it be disconnected from the system 400 according to the present invention. Using 
such connection-dependent instructions, the protected computer's keyboard could be 
connected through a chassis of the system 400 according to the present invention. 
(Matchett, Col. 10, lines 2-10). 

Accordingly, Matchett teaches that a protected device itself can shut down if it is 
disconnected from the security system. With reference to FIG. 1 of Matchett, a protected device 
(shown as "protected device control") can shut itself down if it is disconnected from the 
authentication system 100. However, Matchett does not suggest that the authentication system 
100 makes any determination of authenticity of a security-sensitive operation based on the 
protected device becoming disconnected. Accordingly, if the protected device is reconnected to 
the authentication system 100, the data that is subsequently received would not be treated 
differently than if the protected device had not become disconnected. 
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Furthermore, Matchett does not teach or suggest a security core that can determine the 
authenticity of a security-sensitive operation based on components (other than a biometric 
sensor) remaining securely operably connected to the security core during the security-sensitive 
operation, as recited in the independent claims. Matchett lacks such teaching because it 
discloses, and is concerned with, protecting only a single protected device. With reference to 
FIG. 1 of the present application, the security core of the present may protect a plurality of 
various different types of devices 1 12-136. 

Consequently, Applicants respectively submit that the Final Office Action has not 
established aprima facie case of obviousness. Accordingly, Applicants respectfully submit that 
none of the cited references either alone or in combination disclose or suggest all of the 
recitations of the independent claims for at least the reasons discussed herein. Furthermore, the 
dependent claims are patentable at least per the patentability of the independent claims from 
which they depend. 



CONCLUSION 

In light of the above amendments and remarks, Applicants respectfully submit that the 
above-entitled application is now in condition for allowance. Favorable reconsideration of this 
application, as amended, is respectfully requested. 

Respectfully submitted, 

Elizabeth A. Stanek 
Registration No. 48,568 

USPTO Customer No. 46589 
Myers Bigel Sibley & Sajovec 
Post Office Box 37428 
Raleigh, North Carolina 27627 
Telephone: 919/854-1400 
Facsimile: 919/854-1401 
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